Affected script: "install-scripts:post-install-cmd"
The script uses PHIVE to install unknown package(s) and has a potential security vulnerability: the --force-accept-unsigned flag forces the system to accept unsigned packages. Any package, even one not signed by its authors, will be accepted and installed, which can lead to the installation of malicious programs. The script also uses the --trust-gpg-keys flag, which means it blindly trusts specific keys. Without verification of these keys, a potential attacker could run arbitrary code on the system under the guise of these trusted keys.
sitepark/github-composer-release-test's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|